Scamwatch warns email scams on the rise, charities should be wary
Organisations should urgently review accounts and invoices as reports of email scams have gone up by a third in just 2018, Scamwatch has warned.
The Australian Competition and Consumer Commission (ACNC) body for protecting against scams warned Australian businesses and charities that hackers are using fake emails that appear legitimate to funnel money directly into their own accounts.
ACCC Deputy Chair, Delia Rickard, said: “It’s a scam that targets all kinds of business, including charities and local sporting clubs. There is a misconception these scams target just small businesses, however, the largest amount of reports and losses come from medium sized businesses, including one that lost more than $300,000.”
Businesses have reported a total of $2.8 million lost to scammers in 2018. However, this represents only a fraction of total losses to an email variety of scams. BEC scams cause significant financial harm, accounting for 63 per cent of all business losses.
BEC scams occur when a hacker gains access to a business’s email account or ‘spoof’ an email so it appears to come from the company. The hacker then sends an email to customers claiming the business’s banking details have changed and future invoices should be sent to a new account, with payments then going to the hacker.
In other variations, the hacker will then send an email internally to a business’s account team, pretending to be the CEO, asking for funds to be sent to an offshore account. In some cases, hackers also request salary payments to be paid into a new account.
“Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too,” Rickard said. “They should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date.”
Scamwatch suggested that organisation affected by BEC scams should contact their financial institution and consider professional IT advice to ensure email systems and data are secure from hackers and reduce risks for future issues.
“Businesses should also check directly with their supplier if they notice a change in account details. It’s vital businesses don’t do this just by return email or using other contact details provided,” Rickard warned.
“Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they’re not contacting the scammer.”